Your message dated Thu, 25 May 2017 21:34:08 +0000
with message-id <[email protected]>
and subject line Bug#861145: fixed in openssl1.0 1.0.2l-1
has caused the Debian Bug report #861145,
regarding openssl: SHA Extension routine is not called on new AMD cpu "Ryzen".
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
861145: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861145
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: openssl
Version: 1.1.0e-1
Severity: normal
Dear Maintainer,
[Introduction]
AMD added support in their processors for SHA Extensions[1] (CPU flag:
sha_ni[2]) starting with Ryzen[3] CPU.
Note that Ryzen CPU come in 64bit only. Current OpenSSL version in Ryzens still
calls SHA for SSSE3 routine as result a number of extensions were effectively
masked on Ryzen and shows no improvement.
[1] /proc/cpuinfo
processor : 0
vendor_id : AuthenticAMD
cpu family : 23
model : 1
model name : AMD Ryzen 5 1600 Six-Core Processor
flags : fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36
clflush mmx fxsr sse sse2 ht syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm
constant_tsc rep_good nopl nonstop_tsc extd_apicid aperfmperf eagerfpu pni
pclmulqdq monitor ssse3 fma cx16 sse
4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand lahf_lm cmp_legacy svm
extapic cr8_legacy abm sse4a misalignsse 3dnowprefetch osvw skinit wdt tce
topoext perfctr_core perfctr_nb bpext perfctr_l2 mwaitx hw_pstate vmmcall
fsgsbase bmi1 avx2 smep bmi2 rdseed adx smap clflusho
pt sha_ni xsaveopt xsavec xgetbv1 clzero arat npt lbrv svm_lock nrip_save
tsc_scale vmcb_clean flushbyasid decodeassists pausefilter pfthreshold
[2] - sha_ni: SHA1/SHA256 Instruction Extensions
[3] - https://en.wikipedia.org/wiki/Ryzen
....
All models support: x87, MMX, SSE, SSE2, SSE3, SSSE3, SSE4.1, SSE4.2, AES,
CLMUL, AVX, AVX2, FMA, CVT16/F16C, ABM, BMI1, BMI2, SHA.[5]
....
[Program to performs the CPUID check]
Reference :
https://software.intel.com/en-us/articles/intel-sha-extensions
.... Availability of the IntelĀ® SHA Extensions on a particular processor can be
determined by checking the SHA CPUID bit in CPUID.(EAX=07H, ECX=0):EBX.SHA [bit
29]. The following C function, using inline assembly, performs the CPUID check:
--
int CheckForIntelShaExtensions() {
int a, b, c, d;
// Look for CPUID.7.0.EBX[29]
// EAX = 7, ECX = 0
a = 7;
c = 0;
asm volatile ("cpuid"
:"=a"(a), "=b"(b), "=c"(c), "=d"(d)
:"a"(a), "c"(c)
);
// IntelĀ® SHA Extensions feature bit is EBX[29]
return ((b >> 29) & 1);
}
--
On CPU with sha_ni the program return "1". Otherwise it return "0".
[Upstream work]
- GitHub PR :
https://github.com/openssl/openssl/issues/2848
- Repository :
https://github.com/openssl/openssl.git
- Commits :
1aed5e1 crypto/x86*cpuid.pl: move extended feature detection.
## This fix moves extended feature detection past basic feature detection where
it belongs.
f8418d8 crypto/x86_64cpuid.pl: move extended feature detection upwards.
## This commit for x86_64cpuid.pl addressed the problem, but messed up
processor vendor detection.
-- System Information:
Debian Release: 8.7
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.4.0-62-generic (SMP w/8 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
--- End Message ---
--- Begin Message ---
Source: openssl1.0
Source-Version: 1.0.2l-1
We believe that the bug you reported is fixed in the latest version of
openssl1.0, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Kurt Roeckx <[email protected]> (supplier of updated openssl1.0 package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 25 May 2017 22:53:57 +0200
Source: openssl1.0
Binary: libssl1.0.2 libssl1.0-dev libcrypto1.0.2-udeb libssl1.0.2-udeb
Architecture: source
Version: 1.0.2l-1
Distribution: unstable
Urgency: medium
Maintainer: Debian OpenSSL Team <[email protected]>
Changed-By: Kurt Roeckx <[email protected]>
Description:
libcrypto1.0.2-udeb - Secure Sockets Layer toolkit - libcrypto udeb (udeb)
libssl1.0-dev - Secure Sockets Layer toolkit - development files
libssl1.0.2 - Secure Sockets Layer toolkit - shared libraries
libssl1.0.2-udeb - ssl shared library - udeb (udeb)
Closes: 861145
Changes:
openssl1.0 (1.0.2l-1) unstable; urgency=medium
.
* New upstream release
- Properly detect features on the AMD Ryzen processor (Closes: #861145)
* Refresh valgrind.patch
Checksums-Sha1:
fe8aaa4dbad1b59b17acf1f332e7f08a65899b30 2529 openssl1.0_1.0.2l-1.dsc
b58d5d0e9cea20e571d903aafa853e2ccd914138 5365054 openssl1.0_1.0.2l.orig.tar.gz
82a8013979d2aaa437bf58bf99355317b25e2e2a 455 openssl1.0_1.0.2l.orig.tar.gz.asc
ca6f0436b7cfacf6b059a4a614a41222f2c71614 75856
openssl1.0_1.0.2l-1.debian.tar.xz
456ab978184f8a3c10fdb041968c27f46c66eaea 5202
openssl1.0_1.0.2l-1_source.buildinfo
Checksums-Sha256:
a691354d824009f58d3640a9103953b2ac21ae33b8c563d347b0e27510efedb6 2529
openssl1.0_1.0.2l-1.dsc
ce07195b659e75f4e1db43552860070061f156a98bb37b672b101ba6e3ddf30c 5365054
openssl1.0_1.0.2l.orig.tar.gz
ad459d4de6c30c1889272e38144598847c8ba8e5f0892797543607e8d6d9be5f 455
openssl1.0_1.0.2l.orig.tar.gz.asc
68d30a3901c174d35c447d20c1c9ea8d0eea19e56c4d0bcf670e8cae71c81714 75856
openssl1.0_1.0.2l-1.debian.tar.xz
749aa91427517441dde6cb802c9bbebcac5b9a2af5c5885c6f49c443666740b8 5202
openssl1.0_1.0.2l-1_source.buildinfo
Files:
d53330656cdb3988bf8765a075902b8f 2529 utils optional openssl1.0_1.0.2l-1.dsc
f85123cd390e864dfbe517e7616e6566 5365054 utils optional
openssl1.0_1.0.2l.orig.tar.gz
349b0b84fea6cdb910f59e3174a9167c 455 utils optional
openssl1.0_1.0.2l.orig.tar.gz.asc
6bc2851a25d91526fda35e33e9fb025e 75856 utils optional
openssl1.0_1.0.2l-1.debian.tar.xz
54a07c4c48c04934d5a69f8290b87bc9 5202 utils optional
openssl1.0_1.0.2l-1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUWHm1ANgDdycoJP748TdzR5MEkQFAlknSmEACgkQ48TdzR5M
EkTaRQ//Xr2chprRKQ5HlXorI8oH4hRNEzRnPhxyMgfospGdWM/kLVj6HEfGLw0G
VVb7rNqpAdQ7/H86p2dcchxNOHDuvlwVRWyRd/a6fk9FC/4PnCzpoGX9HY7InyC+
qyKjRjYTPSOlWB7g79RF459n8WCcv0h5EXSlQcYXMrT2ABSXGDt4mJjUZ+XXUOWi
2bW3pPfM0PDok9lrbOSOQNnV9LIQTdywn/bF2pkEGfHk7JaiBQzQMRMrrCwyNnmG
zO9sK+hZllzYQqPg7MTLCmJc6I8z1OxlZe/FlrH4F99yK+geP+5jvPYxo2HjUhcl
s2lKCqrUd9W+MAHSElf+//MC3fSLyTlusAjmuTcbEOqjAfuYBihiCg7NvJU0yqh+
llsybSiE1BGB48OM68hQhrToZSTphp6Iau7ERl39mlQeadL0n5VMFgbrLUONyVlX
Px/izfO0/LmOKm+xNXSJd6kN6xahLL+GcJGFCJ77+pBqdFwTW4aAPhTJ1PY85WcT
xGI6zYL5k2AJj1M7hSR4uW0c7EsOKBtO4Dm/SvGPv+WuHlAK2waZBnB10T8QIgJu
Q8QIny6CBVUPA2MpaNEaR7SCsVbZQS66Fgcz1f04BW2or+tq2IfewJei2tud4x1d
a1vAdMxrf3TRCYSoINGIGn1n6wsED6abpcydotBsnIm80DkflKI=
=pVJV
-----END PGP SIGNATURE-----
--- End Message ---
